The hacker group called LulzSec has leaked a list of what it says are 62 thousand email addresses and passwords from around the world, including the login accounts of Australian government departments and Australian universities. Mark Hachman of PC Magazine says this is a serious breach, as the logins could be used to access confidential data or to obtain more accounts. LulzSec says it can't confirm whether all the logins still work but has published them for anyone to use.

Transcript

TONY EASTLEY: An online hacker group has struck again leaking 62,000 email addresses and passwords of individuals around the world.

Some of the leaked logins apparently unlock the emails of Australian Government departments, Australian universities and a Melbourne girls' high school.

The group LulzSec or Laughing At Your Security says it's just looking for some fun. But one expert says the security breach is malicious and could have far reaching consequences.

Here is Sarah Dingle.

SARAH DINGLE: Just who the hackers LulzSec are or where they are is not clear but they've made a name for themselves by causing trouble.

They've hacked the websites for Sony Pictures, Nintendo, Fox News and yesterday brought down the website of the CIA.

Last night LulzSec announced they were leaking more than 62,000 emails and passwords in a Tweet.

TWEET MESSAGE FROM LULZSEC: Twenty-one hundred downloads in four minutes. Better move fast before someone pillages all 62,000 from that list.

SARAH DINGLE: The leaked emails included Hotmail and Gmail identities.

There were also Australian Government department accounts including AusAid, the Victorian Department of Childhood and Early Education, the Emergency Services Telecommunications Authority of Victoria and several local councils in Victoria and New South Wales.

Also leaked were login details for eight Australian universities including the ANU, the University of New South Wales and the University of Queensland.

There also appeared to be two logins for two girls' high schools in Queensland and Melbourne.

Mark Hachman is the West Coast news editor of PC Magazine.

MARK HACHMAN: If one obtained password and user name information for a government official and was able to access that person's account then that person's account could be used in what's called a phishing attempt to try and socially engineer user names and passwords out of others, other accounts or information that simply could be used for malicious purposes.

It could be perhaps government data which was designed for internal use and not for public dissemination. Really any other, any number of possibilities come to mind.

SARAH DINGLE: It's unclear whether LulzSec has tried any of the accounts themselves. But even if they haven't someone else may have.

The leaked emails and passwords were published on a website for anyone to use.

Mark Hachman says the security implications are serious.

MARK HACHMANN: It's not quite clear whether those user names and passwords were affiliated with any particular group of users. It's unclear how they obtained this information. Obviously they are somewhat serious.

SARAH DINGLE: LulzSec says these emails are a random assortment from a collection and they can't confirm how old they are or how many are still working.

Mark Hachman says the other problem is that people tend to repeat their passwords.

MARK HACHMANN: It's very possible that just because an email account, user name and password has been published that information will unlock other stores of data that's unique to a particular user.

SARAH DINGLE: Mark Hachman says the only solution is to change your password and change it often.